SillyDog701

[Ramona]

I'm not entirely certain this works in all cases, but Secunia's testcase fails if you have Firefox set to open new windows in tabs.

My findings exactly. I thought perhaps I must be doing something wrong, but evidently it was something right!

Ramona

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 (ax)

[Don_HH2K]

I'm not aware that Mozilla 1.7.8 has a UI for the appropriate pref (as Firefox does), but it is interesting to note that setting the pref [tt]browser.tabs.opentabfor.windowopen[/tt] to true does not have an effect, and therefore does not bypass this bug in Mozilla.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Donzilla/0.7PR2 (WML/1.3; WML/1.2; WML/1.1; WML/1.0)

[Betuaelmon]

If you use NS 8 with IE 6 engine whitout SP has got the same vulnerability as
Firefox 1.0.4, but with IE 6 SP 2 all is ok. True or false?

False. This depends on a lot of things.

First of all, if you use the Firefox rendering engine in Netscape 8, you are subject to this vulnerability. If you use IE6, you aren't, because IE isn't affected by this vulnerability. BUT, then you expose yourself to the world of IE vulnerabilities again, so leaving yourself open to this frame injection bug is the lesser of all evils.

Thank you very much for your answer

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050519 Netscape/8.0.1

[Edward]

Any word yet on when this issue will be taken care or (presumably in a version 1.0.5)?

UserAgent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

[akbash]

It's been fixed in the nightly builds since last Wednesday. I couldn't say when the next official release is scheduled.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050530 Firefox/1.0+